3 @6^e@sHddlZddlZddlZddlZddlmZmZmZGdddeZ dS)N) SpiderFootSpiderFootPluginSpiderFootEventc@sNeZdZdZddiZddiZdZdZefddZ dd Z d d Z d d Z dS) sfp_dnsrawzhDNS Raw Records:Footprint,Investigate,Passive:DNS::Retrieves raw DNS records such as MX, TXT and others.verifyTzVerify SPF hostnames resolve.NcCsH||_|j|_|j|_d|_x"t|jD]}|||j|<q.WdS)NDNS)sf tempStorageeventschecked__dataSource__listkeysopts)selfsfcuserOptsoptr5/var/www/spiderfoot.crq.systems/modules/sfp_dnsraw.pysetup%s   zsfp_dnsraw.setupcCs dddgS)N INTERNET_NAME DOMAIN_NAMEZDOMAIN_NAME_PARENTr)rrrr watchedEvents/szsfp_dnsraw.watchedEventsc Csddddddddd g S) N PROVIDER_MAIL PROVIDER_DNSRAW_DNS_RECORDSDNS_TEXTDNS_SPFrZINTERNET_NAME_UNRESOLVEDAFFILIATE_INTERNET_NAMEZ"AFFILIATE_INTERNET_NAME_UNRESOLVEDr)rrrrproducedEvents5s zsfp_dnsraw.producedEventscCs|j}|j}|j}|jj|}d}|}|jjd|d|||jkr\|jjd|dSd|j|<|jjd|t}ddgdd gd d gd } x t| j D]} |j rdSyt j j |t jj| } |jjd ddkr|jd } nt jj} | jd} t jj| | dd}x8|jD],}t||jkr8qd|jt|<xt| j D]}|jjdt|d| |dtj| |dtjtjB}tj|t|}t|dkrqVx`|D]V}|jjd|t|}t | |d||j!|}|j"|| dkrB|j#j$|ddd rBt d||j!|}|j"|| dkrd|krt d||j!|}|j"|tjd|tjtjB}|rx|D]}d|krq|j#j$|dddrd}nd}|jdr|jj%| r|jjd|d |d!7}t |||j!|}|j"|qWqWqVWt|}t d"||j!|}|j"|qWWqt&k r}z,|jj'd#|d$| d%t|d&WYdd}~XqXqWdS)'NzReceived event, z, from zSkipping duplicate event for TzGathering DNS records for z(\S+\s+(?:\d+)?\s+IN\s+MX\s+\d+\s+(\S+)\.rz"\S+\s+(?:\d+)?\s+IN\s+NS\s+(\S+)\.rz\S+\s+TXT\s+"(.[^"]*)"r)MXNSTXT _dnsserverr)timeoutz Checking z + against z Matched: r#)includeChildrenincludeParentsrzv=spfrzinclude:(.+?) _rrzHost z could not be resolvedZ _UNRESOLVEDrz"Failed to obtain DNS response for (z): F)( eventTypemoduledatar hashstringdebugr dictr r checkForStopdnsmessage make_query rdatatype from_textrgetresolverget_default_resolver nameserversqueryudpanswerstrr recompile IGNORECASEDOTALLfindalllenr__name__notifyListeners getTargetmatches resolveHost BaseExceptionerror)revent eventName srcModuleName eventData eventDataHashaddrs parentEventZrecdataZrecsrecreqnnsresxrxpatgrpsmstrdataevtrJdomainZevt_typeerrr handleEvent;s       $  "       zsfp_dnsraw.handleEvent) rG __module__ __qualname____doc__roptdescsr r r2rrr rcrrrrrs r) rA dns.resolverr4 dns.query dns.rdatatypesflibrrrrrrrrs